PublicDateAtUSN: 2014-11-05
Candidate: CVE-2014-8541
PublicDate: 2014-11-05 11:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8541
 http://www.ffmpeg.org/security.html
 https://ubuntu.com/security/notices/USN-2944-1
Description:
 libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MJPEG data.
Ubuntu-Description:
 It was discovered that Libav incorrectly handled certain media files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_mplayer:
upstream_mplayer: needs-triage
lucid_mplayer: ignored (reached end-of-life)
precise_mplayer: ignored (reached end-of-life)
precise/esm_mplayer: DNE (precise was needed)
trusty_mplayer: not-affected (uses system ffmpeg)
trusty/esm_mplayer: DNE (trusty was not-affected [uses system ffmpeg])
utopic_mplayer: DNE
vivid_mplayer: DNE
vivid/stable-phone-overlay_mplayer: DNE
vivid/ubuntu-core_mplayer: DNE
wily_mplayer: DNE
xenial_mplayer: not-affected (code not present)
yakkety_mplayer: ignored (reached end-of-life)
zesty_mplayer: ignored (reached end-of-life)
artful_mplayer: ignored (reached end-of-life)
bionic_mplayer: not-affected (code not present)
cosmic_mplayer: not-affected (code not present)
disco_mplayer: not-affected (code not present)
devel_mplayer: not-affected (code not present)

Patches_ffmpeg:
 upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=5c378d6a6df8243f06c87962b873bd563e58cd39
upstream_ffmpeg: needs-triage
lucid_ffmpeg: ignored (reached end-of-life)
precise_ffmpeg: DNE
precise/esm_ffmpeg: DNE
trusty_ffmpeg: DNE
trusty/esm_ffmpeg: DNE
utopic_ffmpeg: DNE
vivid_ffmpeg: not-affected (7:2.5.4-1)
vivid/stable-phone-overlay_ffmpeg: DNE
vivid/ubuntu-core_ffmpeg: DNE
wily_ffmpeg: not-affected (7:2.5.4-1)
xenial_ffmpeg: not-affected (7:2.5.4-1)
yakkety_ffmpeg: not-affected (7:2.5.4-1)
zesty_ffmpeg: not-affected (7:2.5.4-1)
artful_ffmpeg: not-affected (7:2.5.4-1)
bionic_ffmpeg: not-affected (7:2.5.4-1)
cosmic_ffmpeg: not-affected (7:2.5.4-1)
disco_ffmpeg: not-affected (7:2.5.4-1)
devel_ffmpeg: not-affected (7:2.5.4-1)

Patches_libav:
 upstream: https://git.libav.org/?p=libav.git;a=commit;h=809c3023b699c54c90511913d3b6140dd2436550
upstream_libav: released (11.2,10.6)
lucid_libav: DNE
precise_libav: released (4:0.8.17-0ubuntu0.12.04.2)
precise/esm_libav: DNE (precise was released [4:0.8.17-0ubuntu0.12.04.2])
trusty_libav: ignored (reached end-of-life)
trusty/esm_libav: DNE (trusty was needed)
utopic_libav: ignored (reached end-of-life)
vivid_libav: not-affected (6:11.2-1)
vivid/stable-phone-overlay_libav: DNE
vivid/ubuntu-core_libav: DNE
wily_libav: DNE
xenial_libav: DNE
yakkety_libav: DNE
zesty_libav: DNE
artful_libav: DNE
bionic_libav: DNE
cosmic_libav: DNE
disco_libav: DNE
devel_libav: DNE